1. Friday Squid Blogging: Ram’s Horn Squid Shells

    You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere).

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  2. Zero-Click iMessage Exploit

    Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.

    Apple patched the vulnerability; everyone needs to update their OS immediately.

    News articles on the exploit.

  3. Identifying Computer-Generated Faces

    It’s the eyes:

    The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would not be difficult to write software to spot such errors and for social media sites to use it to remove such content. Unfortunately, they also note that now that such irregularities have been identified, the people creating the fake pictures can simply add a feature to ensure the roundness of pupils.

    And the arms race continues….

    Research paper.

    ...
  4. Upcoming Speaking Engagements

    This is a current list of where and when I am scheduled to speak:

  5. Designing Contact-Tracing Apps

    Susan Landau wrote an essay on the privacy, efficacy, and equity of contact-tracing smartphone apps.

    Also see her excellent book on the topic.

  6. Friday Squid Blogging: Possible Evidence of Squid Paternal Care

    Researchers have found possible evidence of paternal care among bigfin reef squid.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  7. ProtonMail Now Keeps IP Logs

    After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”

    EDITED TO ADD (9/14): This seems to be more complicated. ProtonMail is not yet saying that they keep logs. Their privacy policy still states that they do not keep logs except in certain circumstances, and outlines those circumstances. And ProtonMail’s warrant canary has an interesting list of data orders they have received from various authorities, whether they complied, and why or why not.

    ...
  8. More Detail on the Juniper Hack and the NSA PRNG Backdoor

    We knew the basics of this story, but it’s good to have more detail.

    Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

  9. Security Risks of Relying on a Single Smartphone

    Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the phone and replaced the SIM card, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.

    Here’s a link to an archived version.

  10. Lightning Cable with Embedded Eavesdropping

    Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network.

    I blogged about a previous prototype here.

Copyright © 2021 • All Rights Reserved. Sensible Voice, LLC